[PATCH 2/3][disco linux] UBUNTU: [Packaging] decompress gzipped efi images in signing tarball

[Seth Forshee]

On Tue, Jan 08, 2019 at 02:24:03PM +0000, Andy Whitcroft wrote:
> On Tue, Dec 18, 2018 at 09:57:15AM -0600, Seth Forshee wrote:
> > BugLink: https://bugs.launchpad.net/bugs/1804481
> > 
> > The arm64 generic kernel image files are gzipped. For UEFI secure
> > boot grub will validate the sigature on the decompressed image,
> > so the file in the signing tarbal must also be decompressed. It
> > can later be recompressed when building linux-signed.
> > 
> > Signed-off-by: Seth Forshee <seth.forshee at canonical.com>
> > ---
> >  debian/rules.d/2-binary-arch.mk | 12 ++++++++++--
> >  1 file changed, 10 insertions(+), 2 deletions(-)
> > 
> > diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
> > index 61805f69e3fc..60d1dd510174 100644
> > --- a/debian/rules.d/2-binary-arch.mk
> > +++ b/debian/rules.d/2-binary-arch.mk
> > @@ -120,8 +120,16 @@ endif
> >  
> >  ifeq ($(uefi_signed),true)
> >  	install -d $(signingv)
> > -	cp -p $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \
> > -		$(signingv)/$(instfile)-$(abi_release)-$*.efi;
> > +	# We use Image.gz for arm64; detect and decompress for signing
> > +	if [[ "$(kernfile)" =~ \.gz$$ ]]; then \
> > +		cat $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* | \
> > +			gunzip -cv > $(signingv)/$(instfile)-$(abi_release)-$*.efi; \
> Why would this not be
> 
> 		< $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \
> 			gunzip -cv > $(signingv)/$(instfile)-$(abi_release)-$*.efi; \

No reason I suppose, will change this for v2.

> 
> > +		cp -p --attributes-only $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \
> > +			$(signingv)/$(instfile)-$(abi_release)-$*.efi; \
> > +	else \
> > +		cp -p $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \
> > +			$(signingv)/$(instfile)-$(abi_release)-$*.efi; \
> > +	fi
> >  endif
> >  ifeq ($(opal_signed),true)
> >  	install -d $(signingv)
> 
> -apw